How we use your information

This supplementary Privacy Notice describes how Surrey Heartlands may use your information to protect you and others during the Covid-19 outbreak.

• Privacy notice: Covid-19 and your information

Covid-19 vaccination programme – privacy information for health and care staff

The Covid-19 vaccination programme in Surrey Heartlands is being rolled out to all health and social care workers who have frequent face-to-face contact with patients and who are directly involved in patient care in either secondary or primary care, mental health, urgent and emergency care and community settings. This includes those working in independent, voluntary and non-standard healthcare settings such as hospices, and community-based mental health or addiction services.

Surrey Heartlands, on behalf of the Local Resilience Forum, have worked with partners to establish a booking system for these individuals to receive vaccinations at various sites within Surrey Heartlands.

Your employer will provide you with information on how to sign up to receive the vaccine and will share relevant information about you with the provider of your local vaccination service to allow you to be invited for vaccination.

When it is the right time for you to receive your vaccination you will receive an invitation to come forward by email, SMS, or telephone.

We know lots of people will be keen to get protected from the virus but we are asking people not to share these vaccination booking details with friends of family as we have a limited number of vaccines to offer and need to ensure these are provided to those providing health and care services first. Other people within the community will be contacted directly for their own appointment.

• Covid-19 vaccination privacy notice for health and social care staff

Information Governance

Information Governance provides a consistent way for employees to deal with the many different standards and legal rules that apply to information handling. This includes the Data Protection Act (DPA) 2018 - a United Kingdom Act of Parliament that updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR). Therefore GDPR and the Data Protection Act 2018 should be read side by side.

Subject Access Request

Individuals have the right to access information that Surrey Heartlands holds about them by making a Subject Access Request (SAR). The GDPR has removed the fees that could previously be charged for SARs and reduced the amount of time that organisations have to respond. This right applies to all individuals including staff, employees of other organisations, service users, visitors to offices, and attendees at events.

Each NHS organisation holds their own records and we can only supply Surrey Heartlands records. If Surrey Heartlands holds the data requested and it is not legally exempt from disclosure, the information must be supplied within one month (though this can be extended by up to a further two months in some circumstances).

You can request access to information about you that we hold by contacting Surrey Heartlands Information Governance Team.

Privacy notice: East Surrey Privacy notice: Guildford and Waverley Health and Care Alliance Privacy notice: North West Surrey Alliance Privacy notice: Surrey Downs Health and Care Partnership

Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments.

In May 2018, the strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used.

You can choose whether your confidential patient information is used for research and planning.

• To find out more visit: Your NHS Data Matters (nhs.uk)
• Make your data choice online: Manage your data choice (nhs.uk)